Lois Larson
In August 2024, Seattle-Tacoma International Airport (also known as Sea-Tac Airport) was the target of a cyberattack that resulted in a significant outage. The attack was carried out by a hacker group known as Rhysida, which has been linked to other ransomware attacks on large organizations. The airport experienced disruptions in various operations, including gate guidance, baggage handling, ticketing, and check-in kiosks. The attack caused chaos among travellers and highlighted the importance of robust cybersecurity measures. While the airport was able to restore most of its systems and operations, the incident served as a reminder of the potential impact of cyberattacks on critical infrastructure.
| Characteristics | Values |
|---|---|
| Date of the attack | 24 August 2024 |
| Airport | Seattle-Tacoma International Airport |
| Location | Seattle |
| Hacker group | Rhysida |
| Type of attack | Ransomware |
| Data stolen | Files, emails |
| Affected systems | Message boards, public WiFi, display boards, website, app, baggage systems, ticketing, check-in kiosks, email |
| Impact | Minimum flight delays, manual check-in, paper boarding passes |
| Ransom amount | 100 bitcoin ($6 million) |
| Payment status | Not paid |
| Investigation status | Ongoing, FBI involved |
Explore related products
What You'll Learn
- The hacker group Rhysida demanded $6 million in bitcoin as ransom
- The attack disrupted ticketing, check-in kiosks and baggage handling
- The airport isolated critical systems and worked to restore full service
- The attack was launched at a busy time, a week before the Labor Day holiday weekend
- The airport is still recovering from the attack
The hacker group Rhysida demanded $6 million in bitcoin as ransom
On 24 August 2024, Seattle-Tacoma International Airport (also known as SEA or Sea-Tac) was hit by a cyberattack that disrupted internet and display systems, causing chaos and inconvenience for travellers. The attack was launched at a busy time, just a week before the Labor Day holiday weekend.
The hacker group Rhysida was identified as the perpetrator and demanded 100 bitcoin, valued at around $6 million, as ransom. This group is known to law enforcement agencies for carrying out ransomware attacks on large organisations. They have been observed using external-facing remote services to initially access and navigate within a network, such as virtual private networks (VPNs).
The Port of Seattle, which owns and operates the airport, has refused to pay the ransom. They have released a statement emphasising that it remains safe to travel from the airport and use the Port's maritime facilities. The Port isolated critical systems and worked to restore full service, although there was no estimated time for when systems would return to normal. The attack primarily affected shared systems between airlines, including baggage handling, ticketing, check-in kiosks, and gate information displays.
The airport is still recovering from the attack, with lingering effects remaining. The Transportation Security Administration's (TSA) equipment and computer systems were not impacted, and Customs and Border Protection services continued to operate. The Federal Bureau of Investigation (FBI) is conducting a criminal investigation into the incident, and the airport is collaborating with them to prevent similar attacks in the future.
Hawaii's Airports: A Comprehensive Overview of the Island's Major Aviation Hubs
You may want to see also
Explore related products
The attack disrupted ticketing, check-in kiosks and baggage handling
On 24 August 2024, Seattle-Tacoma International Airport (also known as SEA or Sea-Tac) was hit by a cyberattack that disrupted ticketing, check-in kiosks, and baggage handling. The attack was carried out by a hacker group called Rhysida, known for ransomware attacks on large organizations.
The cyberattack affected internet and display systems, causing message boards and screens across the airport to go dark. This made it difficult for travellers to find their gates and flight information. The attack also impacted the airport's ability to send emails and plunged the airport into an operational crisis for several days. Some airlines resorted to manual processes, including using pen and paper to check in passengers and hand-writing boarding passes.
Baggage handling was particularly affected by the attack, with one source noting that it was "getting the worst of it". The disruption caused by the cyberattack led to a backlog of more than 8,000 bags that had to be manually sorted by airline staff.
The Port of Seattle, which manages the airport, confirmed that data was stolen during the ransomware attack. The hacker group Rhysida demanded a ransom of $6 million in bitcoin for the return of the data. However, the Port of Seattle refused to pay the ransom, stating that doing so would not make it "a good steward of taxpayer dollars". The FBI and the Transportation Security Administration are conducting a criminal investigation into the attack and working to prevent similar incidents in the future.
Airport Security: Ground Zero for Safety?
You may want to see also
Explore related products
![Hack-o-Lantern [4k Ultra HD]](https://m.media-amazon.com/images/I/71eqZfhiW9L._AC_UY218_.jpg)
The airport isolated critical systems and worked to restore full service
The Port of Seattle, which includes the Seattle-Tacoma International Airport, experienced a cyberattack on 24 August 2024. The attack was linked to a ransomware gang called Rhysida, which has been known to law enforcement agencies for ransomware attacks on large organisations. The attack resulted in a loss of internet and display systems, including message boards and email services, forcing the airport to isolate critical systems and work to restore full services.
The airport was plunged into an operational crisis, with officials and workers unable to even send emails. However, flights were able to operate, albeit with significant disruptions. Passengers on smaller airlines had to use paper boarding passes, and some airlines had to manually check in passengers, sort baggage, and handwrite boarding passes. The Transportation Security Administration's (TSA) equipment and computer systems were not affected, and Customs and Border Protection services continued.
The Port of Seattle took measures to thwart the attack and ensure the safety of travellers, deploying workers throughout the airport to guide passengers and using various methods to ensure bags reached their aircraft. The TSA also issued emergency regulations in 2023 for airports and aircraft operators to have pre-approved implementation plans for increased security measures. Despite these efforts, public WiFi and display boards with flight and baggage information remained down for more than a week after the attack.
The airport is still working to restore full services and has provided updates on its progress. Volunteers remain on the ground to help travellers, and the airport has advised travellers to complete as much of the preflight process as possible at home, as terminal screens continue to have issues displaying up-to-date flight information. The airport is also working with the Federal Bureau of Investigation and the TSA to determine how the attack was orchestrated and to prevent similar incidents in the future.
TF Green Airport: Navigating the Zone
You may want to see also
Explore related products
![Hacks: Season One [DVD]](https://m.media-amazon.com/images/I/7177PrU6xUL._AC_UY218_.jpg)
![Hacks: Season 2 [DVD]](https://m.media-amazon.com/images/I/81IeJSFZSbL._AC_UY218_.jpg)
The attack was launched at a busy time, a week before the Labor Day holiday weekend
The Seattle-Tacoma International Airport (SEA) was hit by a cyberattack on 24 August 2024. The attack was launched at a busy time, just a week before the Labor Day holiday weekend.
The attack was carried out by a hacker group known as Rhysida, which has been identified by law enforcement agencies for its ransomware attacks on large organizations. The group gained access to the airport's computer systems, causing internet and display system outages and disruptions. As a result, the airport was left without internet and web systems, with many screens and displays going dark. The attack affected various operations throughout the airport, including baggage handling, ticketing, check-in kiosks, and email communication. Some airlines were forced to manually check in passengers, using pen and paper.
The Port of Seattle, which manages the airport, confirmed the data breach and released a report on the cyberattack. They emphasized that it remains safe to travel from the airport and use the Port's maritime facilities. The Port isolated critical systems and worked to restore full service, although there was no estimated time for a return to normal operations. The airport deployed workers throughout the airport to guide passengers and ensure bags reached their aircraft.
The attack had a significant impact on travellers, causing chaos and serving as a stark reminder of the importance of cybersecurity. Despite the challenges, flights were able to operate with minimal delays. The Transportation Security Administration's (TSA) equipment and computer systems were unaffected, and Customs and Border Protection services continued. However, public WiFi and display boards with flight and baggage information remained down for over a week.
The hacker group, Rhysida, has demanded a ransom of $6 million in bitcoin for the stolen data. They have posted the data on the dark web and are offering it to criminals through an auction. The Port of Seattle has decided not to pay the ransom, stating that doing so would not be a good use of taxpayer dollars. The FBI is conducting a criminal investigation into the attack, and the airport is working with the TSA to prevent similar incidents in the future.
The Meaning of PIT: Understanding Airport Code Abbreviations
You may want to see also
Explore related products
The airport is still recovering from the attack
Seattle-Tacoma International Airport (SEA) is still recovering from a cyberattack that took place on 24 August 2024. The attack was carried out by a hacker group called Rhysida, known for ransomware attacks on large organisations. The hackers gained access to the airport's computer systems, causing internet and display system outages and disrupting various operations.
The cyberattack affected multiple shared systems across airlines, including baggage handling, ticketing, check-in kiosks, and gate information. Some airlines had to resort to manual processes, using pen and paper to check in passengers and handwrite boarding passes. Public WiFi, flight information display boards, the airport website, and the flySEA app remained down for over a week.
While the airport has regained access to its software systems, the attack had far-reaching consequences. The hackers stole sensitive data, including personal information such as Social Security numbers and signatures, which they posted on the dark web. They are now demanding a ransom of $6 million in bitcoin to remove the data, which the airport has refused to pay.
The airport is working closely with the Federal Bureau of Investigation (FBI) and the Transportation Security Administration (TSA) to investigate the attack and prevent similar incidents in the future. Volunteers are also on the ground to assist travellers affected by the ongoing disruptions.
The Port of Seattle, which manages the airport, has emphasised that it remains safe to travel through Seattle-Tacoma International Airport. They have isolated critical systems and are working to restore full service, but there is no estimated time for a complete return to normal operations.
Airports in Fresno, CA: A Comprehensive Overview
You may want to see also
Frequently asked questions
The Seattle-Tacoma International Airport was hacked on 24 August 2024.
The attack was carried out by a hacker group called Rhysida, known for ransomware attacks on large organisations.
The attack caused internet and display system outages, disrupting ticketing, check-in kiosks, and baggage handling. Flights were still able to operate, but some passengers had to use paper boarding passes.
The Port of Seattle, which manages the airport, isolated critical systems and worked to restore services. The airport deployed workers to guide passengers and manage baggage. The FBI is conducting a criminal investigation into the attack.
